Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: RE: FWD: Internet Explorer URL parsing vulnerability

From: S G Masood <sgmasood () yahoo com>
Date: Wed, 10 Dec 2003 05:21:36 -0800 (PST)


I dont understand character sets, you say, but let me
ask you one question - do you understand English? Let
me give you a hint - The original post and the thread
were about a URL masking vuln. in IE which just
happened to use the http://a@b feature...the issue at
hand was *not* that we could use http://a@b to
somewhat obfuscate a URL. Now go and read the advisory
and your post once
again(http://dictionary.reference.com would probably
help you).

Did you really think full-disclosure members had
fallen so low as to start a thread about the @ URL
obfuscation?


and as for the why the %01 works, i can only assume
as %01 is a non
printable character IE stops it there, its the same
as if u would use %02
and so on, or are you that moronic you dont
understand character sets?


Hmph! non printable character...%02...You call me a
"moron" based on your slouchy "assumption". It would
take you exactly 60seconds to test the validity of
your ideas before posting. Remember to try the "%02"
before you post once again.

Stop disgracing yourself on a serious public forum
with your stupid fantasies & assumptions and go gator
some kiddie list.

--
S.G.Masood


To Rest of The List - I never flame anyone but I
simply couldn't stop this time :)







----- Original Message ----- 
From: "S G Masood" <sgmasood () yahoo com>
To: <full-disclosure () lists netsys com>
Sent: Wednesday, December 10, 2003 8:06 PM
Subject: Re: [Full-disclosure] RE: FWD: Internet
Explorer URL parsing
vulnerability




--- VeNoMouS <venom () gen-x co nz> wrote:


umm tested this you dont need %01
either btw.

www.microsoft.com () www linux org



What is your point? Have you read the original

post?



Apart from this, does anyone have a "lowlevel"
explanation why the %01 trick works?


--
iNt27~





__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter:

http://lists.netsys.com/full-disclosure-charter.html







__________________________________
Do you Yahoo!?
Free Pop-Up Blocker - Get it now
http://companion.yahoo.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: